Introduction to WP Travel Engine Vulnerabilities
The WP Travel Engine is a popular WordPress plugin used by travel agencies to enable users to plan itineraries, select from different packages, and book any kind of vacation. Recently, two critical vulnerabilities were identified in this plugin, which is installed on more than 20,000 websites. Both vulnerabilities enable unauthenticated attackers to obtain virtually complete control of a website and are rated 9.8 on the CVSS scale, very close to the highest possible score for critical flaws.
What is WP Travel Engine?
The WP Travel Engine is a travel booking plugin for WordPress that allows users to book vacations and travel packages. It is a popular choice among travel agencies due to its ease of use and flexibility. However, the recent discovery of vulnerabilities in the plugin has raised concerns about its security.
Improper Path Restriction (Path Traversal)
The first vulnerability comes from improper file path restriction in the plugin’s set_user_profile_image function. Because the plugin fails to validate file paths, unauthenticated attackers can rename or delete files anywhere on the server. Deleting a file such as wp-config.php disables the site’s configuration and can allow remote code execution. This flaw can enable an attacker to stage a remote code execution attack from the site.
Local File Inclusion via Mode Parameter
The second vulnerability comes from improper control of the mode parameter, which lets unauthenticated users include and run arbitrary .php files. This enables an attacker to run malicious code and access sensitive data. Like the first flaw, it has a CVSS score of 9.8 and is rated as critical because it allows unauthenticated code execution that can expose or damage site data.
Recommendation
Both vulnerabilities affect versions up to and including 6.6.7. Site owners using WP Travel Engine should update the plugin to the latest version as soon as possible. Both vulnerabilities can be exploited without authentication, so prompt updating is recommended to prevent unauthorized access.
Conclusion
In conclusion, the WP Travel Engine plugin has two critical vulnerabilities that can be exploited by unauthenticated attackers to gain control of a website. It is essential for site owners to update the plugin to the latest version to prevent these vulnerabilities from being exploited. By doing so, they can protect their website and sensitive data from potential attacks. The security of a website is crucial, and staying up-to-date with the latest security patches is essential to prevent cyber attacks.